Security Buyer sits down with Brian Bishop, President of the Open Connectivity Foundation to discover his view on the current security landscape
What is the Open Connectivity Foundation’s (OCF) mission?
As the number of internet protocol (IP) connected devices grows, so does the need for secure interoperability within the Internet of Things (IoT). Otherwise, the increasing amount of sensitive data flowing across the internet between devices and clouds can easily land in the wrong hands. IoT security must be a priority, and this is what drives the OCF.
The OCF is a global, member-driven technical standards development organization comprised of over 500 members working across the enterprise layers of infrastructure, applications, and data. We aim to foster collaboration across the IoT ecosystem to ensure that IP-connected IoT devices and services are developed with interoperability, secure communication and trust in mind – and that they can communicate securely over IP, regardless of form factor, operating system, service provider, transport technology or ecosystem.
We do this by encouraging adoption of the OCF’s freely available ISO/IEC specifications, including our Secure IP Device Framework, our open-source reference implementation, and an industry-recognized certification program. This enables new secure IoT use cases and user experiences, reduces development costs for IoT devices and services, reduces integration complexity and time to market, and simplifies regulatory compliance to IoT security and privacy baselines.
Securing vital systems against cyberattacks is a key priority for the international security industry. How does the OCF’s framework mitigate security threats?
As an ISO/IEC adopted standard, our Secure IP Device Framework has been internationally agreed upon by technical experts to essentially be used as a blueprint by developers and manufacturers for the creation of secure and interoperable IoT deployments. It integrates state-of-the-art cybersecurity technologies to enable device discovery, onboarding and application-layer security for device-to-device and device-to-cloud connectivity. The use of Public Key Infrastructure (PKI) backed by strong certificate protections helps to safeguard sensitive data.
We’ve also done the legwork to benchmark our standard against all known IoT security requirement baselines – CTAC2 Conveners, UK IoT Requirements, ETSI, IASME, and NIST 8259D – comparing each paragraph of our specifications against the corresponding clause in the security baseline. Designed from the ground up, the OCF is compliant with forthcoming IoT security standards, such as the EU Radio Equipment Directive (RED).
How important is the adoption of secure open standards globally for IoT?
Standards are crucial for mass market adoption of technology as they ensure consistent quality, safety, interoperability, and compatibility of products and services. The need for secure open standards is particularly true for IoT security since developers and manufacturers are operating in a climate of increased awareness of the value of data. Users and consumers must have complete confidence that their privacy is being respected.
As IoT becomes prevalent in the likes of public housing and smart cities, the public sector will begin to assume responsibility for the associated IoT infrastructure. As a rule, governments prefer standards endorsed by formal organizations since this avoids proprietary lock-in and perceptions of bias in selecting solutions. The use of international standards such as the OCF’s ISO/IEC Secure IP Device Framework provides assurance of due process and the transparent development of IoT technologies.